Lucene search

PalantirCVELIST:CVE-2022-48306

HistoryFeb 16, 2023 - 12:00 a.m.

CVE-2022-48306 Gotham Chat IRC help does not validate hostnames in TLS certificates

2023-02-1600:00:00

CWE-297

Palantir

www.cve.org

tls certificate validation

gotham chat irc

palantir gotham

man-in-the-middle

network communications

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.9%

JSON

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242.

CNA Affected

[
  {
    "vendor": "Palantir",
    "product": "Palantir Gotham Chat IRC helper",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "30221005.210011.9242",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-09.md

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVELIST:CVE-2022-48306